National Natural Science Foundation of China (61872229, U19B2021); Ministry of Education 2020 Strategic Research Project on Blockchain Core Technology (2020KJ010301); Key Research and Development Program of Shaanxi Province (2020ZDLGY09-06, 2021ZDLGY06-04)
Cryptocurrencies such as Bitcoin and Libra, built on blockchain as their underlying technology, have set off a wave of digital economy. Cryptocurrencies use digital signatures to guarantee the verifiability and integrity of transactions, and the signing private key establishes ownership of the currency assets. If the signing private key is lost or stolen, the security of those assets is seriously threatened. Compared with the elliptic curve digital signature algorithm ECDSA, the Edwards-curve digital signature algorithm EdDSA offers faster computation and smaller key and signature sizes, and it is used to sign Libra transactions. However, because EdDSA is a deterministic signature, it is vulnerable to differential fault attacks, which can cause key loss or leakage. How to resist this attack and design a provably secure EdDSA signature is a challenge. This paper first defines the security properties that a digital signature scheme resistant to differential fault attacks must satisfy, analyzes the EdDSA signature algorithm using differential fault attack techniques, proposes an EdDSA signature scheme resistant to differential fault attacks, and proves that the scheme satisfies existential unforgeability and resistance to differential fault attacks. To reduce the risk of signing-key leakage, a two-party cooperative EdDSA signature scheme resistant to differential fault attacks is designed with the help of Paillier homomorphic encryption, and its security is proved under the universally composable (UC) security model. Finally, the computational complexity of the two-party cooperative ECDSA signature algorithm and of the fault-attack-resistant two-party cooperative EdDSA signature algorithm is analyzed and their execution efficiency is measured, verifying the effectiveness of the proposed scheme.
Cryptocurrencies such as Bitcoin and Libra, based on blockchain technology, have set off a wave of digital economy. They ensure the verifiability and integrity of transactions through digital signatures, in which the private key establishes ownership of the currency assets; if the private key is lost or stolen, the security of those assets is seriously threatened. Compared with the elliptic curve digital signature algorithm (ECDSA), the Edwards-curve digital signature algorithm (EdDSA) has the advantages of faster computation and smaller key and signature sizes, and it is used to sign Libra transactions. However, as a deterministic signature algorithm, it is vulnerable to differential fault attacks, which result in key loss and leakage. How to resist this kind of attack and design a provably secure EdDSA signature is a challenge. Therefore, we first define the security properties that a digital signature scheme resistant to differential fault attacks must satisfy, use differential fault attack techniques to cryptanalyze the EdDSA signature algorithm, and propose an EdDSA signature scheme that resists differential fault attacks, proving that the scheme satisfies existential unforgeability under adaptive chosen-message attack (EUF-CMA) and resistance to differential fault attacks. To reduce the risk of signing-key leakage, we design a two-party cooperative EdDSA signature scheme resistant to differential fault attacks with the help of Paillier homomorphic encryption, and we prove its security in the universally composable (UC) security model. Finally, we implement the two-party cooperative ECDSA signature algorithm and the fault-attack-resistant two-party cooperative EdDSA signature algorithm, and the implementation demonstrates the effectiveness of the proposed scheme.
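As an added illustration, not code from the paper: a compact Ed25519 signer in Python that simulates the fault the abstract refers to (a glitch that corrupts the message fed to the second hash after the deterministic nonce r is already fixed), shows why that leaks the private scalar, and adds the two checks a fault-resistant signer needs. The mitigation shown (a hedged nonce plus verify-before-release) is a generic countermeasure and is not claimed to be the scheme proposed in the paper; the names `sign`, `safe_sign`, `recover` and the `fault`/`hedge` parameters are this example's own.

```python
import hashlib, secrets
# Constructed example: minimal Ed25519 arithmetic (RFC 8032 parameters), a deterministic
# signer with a simulated glitch, and a hardened signer that never releases a faulty signature.
p = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, -1, p) % p
def add(P1, P2):  # twisted Edwards addition (a = -1), affine; complete for every input
    (x1, y1), (x2, y2) = P1, P2
    k = d * x1 * x2 * y1 * y2
    return ((x1*y2 + x2*y1) * pow(1 + k, -1, p) % p,
            (y1*y2 + x1*x2) * pow(1 - k, -1, p) % p)
def mul(k, P):  # double-and-add scalar multiplication; (0, 1) is the identity
    R = (0, 1)
    while k:
        if k & 1:
            R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

By = 4 * pow(5, -1, p) % p  # base point: y = 4/5, x from x^2 = (y^2-1)/(d*y^2+1)
xx = (By*By - 1) * pow(d*By*By + 1, -1, p) % p
Bx = pow(xx, (p + 3) // 8, p)
B = (Bx if (Bx*Bx - xx) % p == 0 else Bx * pow(2, (p - 1) // 4, p) % p, By)
enc = lambda P: (P[1] | (P[0] & 1) << 255).to_bytes(32, 'little')  # point encoding
H = lambda *m: int.from_bytes(hashlib.sha512(b''.join(m)).digest(), 'little') % L

def keygen():  # private scalar a, nonce-derivation prefix, public key A = aB
    a, prefix = secrets.randbelow(L), secrets.token_bytes(32)
    return a, prefix, mul(a, B)
def sign(a, prefix, A, msg, fault=None, hedge=b''):
    # fault: bytes the second hash sees instead of msg (a glitch landing after the
    # nonce r is fixed); hedge: per-signature randomness mixed into r (b'' = RFC 8032)
    r = H(prefix, hedge, msg)
    R = mul(r, B)
    h = H(enc(R), enc(A), msg if fault is None else fault)
    return R, (r + h * a) % L
def verify(A, msg, sig):  # S*B == R + h*A
    R, S = sig
    return mul(S, B) == add(R, mul(H(enc(R), enc(A), msg), A))
def safe_sign(a, prefix, A, msg, fault=None):
    # hardened signer: fresh randomness in r, and verify before release (fail closed)
    sig = sign(a, prefix, A, msg, fault, secrets.token_bytes(32))
    return sig if verify(A, msg, sig) else None
def recover(A, msg, faulted_msg, good, bad):
    # the leak a fault-resistant scheme must rule out: same R but different h gives
    # a = (S - S') / (h - h') mod L; safe_sign never emits such a pair
    (R, S), (R2, S2) = good, bad
    h, h2 = H(enc(R), enc(A), msg), H(enc(R), enc(A), faulted_msg)
    return None if R != R2 or h == h2 else (S - S2) * pow(h - h2, -1, L) % L
```

With the deterministic signer, the clean and the faulted signature share R, which is exactly the condition `recover` exploits; `safe_sign` both refuses the faulted signature and produces a different R on every call, so a single glitch yields nothing usable.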